Malicious PDF — malware analysis report

Static analysis result for SHA-256 44731159d157a23d…

Verdict: MALICIOUS
File type: PDF

Size: 37.6 KB
Created: 2021-02-13 11:36:30 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-24
MD5: 3bd2cd890aae037cdc05daa49eb2044c
SHA-1: 21adc1d0f930e19711f6ebe6145d4235a37d3426
SHA-256: 44731159d157a23de440c354148ec06f18b5cef19c45fc554b2c1bd1ef96ec74
Risk Score: 114

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file uses an image-based lure. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6482

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Image-only document with action trigger (screenshot lure) (severity: medium, rule: PDF_IMAGE_LURE)
    PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 37 KB, the typical shape of a phishing lure in which a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://jacksth.ru/aws?utm_term=collins+dictionary+synonyms (in PDF link annotation)
    • https://cdn.sqhk.co/winelolibug/kk0jUha/offroad_tractor_farmer_simulator_2018_cargo_drive.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4470029/normal_6013706c2e389.pdf (in PDF document text)
    • https://cdn.sqhk.co/waxipefimafa/cPmgeia/46843654301.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4448746/normal_5fcae76560d9a.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4474978/normal_5fd3d6fe9d935.pdf (in PDF document text)
    • http://idealicaitaly-ufficiale.site/mobikawelulupnj9c6.pdf (in PDF document text)
    • https://s3.amazonaws.com/nijosinizo/teaching_textbook_algebra_1_answer_key.pdf (in PDF document text)
    • https://s3.amazonaws.com/jukoxisojow/brake_caliper_guide_pin_boot_replacement.pdf (in PDF document text)
    • https://s3.amazonaws.com/risisipajole/date_sheet_of_cricket_world_cup_2019.pdf (in PDF document text)
    • https://s3.amazonaws.com/zufaxepixiguxax/bavipalunezivuz.pdf (in PDF document text)